:: Re: [DNG] [OT] bash / quote weirdne…
Top Page
Delete this message
Reply to this message
Author: Steve Litt
Date:  
To: dng
Subject: Re: [DNG] [OT] bash / quote weirdness
Antony Stone said on Thu, 13 Jan 2022 15:43:29 +0100


>$ "cat fstab"
>bash: cat fstab: command not found
>
>I have no idea what's really going on here.
>
>
>Antony.


Hi Anthony,

Different programs handle commands with arguments different ways. sed
-e handles the string that follows, which must be in quotes, as several
different words. The C system() function handles its one string argument
the same way, busting it into words delineated by spaces or beginning
or end of line. On the other hand, the C execve() function is fed an
array of strings, and doesn't do any splitting itself.

Likewise, my /bin/sh, which I believe is a symlink for dash, takes a
series of whitespace separated strings. If you quote something with a
one or more spaces inside, dash considers the entire quoted entity to
be exactly one string. This is one reason why, in shellscripts, you
need to quote almost all variables: So they act correctly with the
space laden filenames that windows dwoobydogs just love to create. Here
at Troubleshooters.Com, spaces and all punctuation except underscore
and hyphen are forbidden, but files coming in from the outside have
horrible filenames.

I'm pretty sure that, pertaining to quotes and whitespace, bash acts
like my dash. I quit using bash in shellscripts after that horrific
SHELLSHOCK security flaw (CVE-2014-6271) in 2014 and never came back.
Dash has a smaller attack surface.

This isn't to say I don't use bash. It's a spectacular interactive
shell. But I never use it for shellscripts. In 2014 I had to rewrite
over 100 shellscripts to use #!/bin/sh instead of #!/bin/bash.

So when you issue a command from a shellscript, that command must be
free from quotes except in places where the quoted material is
intentionally one string.

SteveT

Steve Litt
Spring 2021 featured book: Troubleshooting Techniques of the Successful
Technologist http://www.troubleshooters.com/techniques